SAP HANA Extended Application Services vulnerabilities
3 known vulnerabilities affecting sap/sap_hana_extended_application_services.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 1, MEDIUM: 2
Vulnerabilities
CVE-2018-2451 | MEDIUM | CVSS 6.6 | v1.0 | 2018-08-14 | CWE-613
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administra
cvelistv5, nvd
CVE-2017-16680 | HIGH | CVSS 7.5 | v1.0 | 2017-12-12 | CWE-74
Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files could be hindered or misdirected. 2) User Account and Auth
cvelistv5, nvd
CVE-2017-16687 | MEDIUM | CVSS 5.3 | SAP HANA Database 1.00, 2.00 | 2017-12-12 | CWE-200
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.
cvelistv5, nvd